7 files changed, 35 insertions, 156 deletions
diff --git a/meta-oe/recipes-support/openldap/openldap/install-strip.patch b/meta-oe/recipes-support/openldap/openldap/install-strip.patch
index b59db3939e..b757aabb00 100644
--- a/meta-oe/recipes-support/openldap/openldap/install-strip.patch
+++ b/meta-oe/recipes-support/openldap/openldap/install-strip.patch
@@ -6,7 +6,7 @@ Upstream-Status: Pending
 --- a/build/top.mk
 +++ b/build/top.mk
-@@ -121,7 +121,7 @@ LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD)
+@@ -125,7 +125,7 @@ LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
 LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \
        $(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)
 
diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch b/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch
index 91bcc0435e..f551861a3e 100644
--- a/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch
+++ b/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch
@@ -2,13 +2,11 @@ From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/fi
 Upstream-status: Pending
--
+--- a/configure.ac
+++ b/configure.ac
--- a/configure.in
+@@ -1263,7 +1263,7 @@ if test $ol_link_tls = no ; then
-+++ b/configure.in
-@@ -1227,7 +1227,7 @@ if test $ol_link_tls = no ; then
-                                ol_with_tls=gnutls
                                ol_link_tls=yes
+                                WITH_TLS_TYPE=gnutls
 
 -                               TLS_LIBS="-lgnutls"
 +                               TLS_LIBS="-lgnutls -lgcrypt"
diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch b/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch
deleted file mode 100644
index ab5c4de66a..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-openldap CVE-2015-3276
-the patch comes from:
-https://bugzilla.redhat.com/show_bug.cgi?id=1238322
-https://bugzilla.redhat.com/attachment.cgi?id=1055640
-The nss_parse_ciphers function in libraries/libldap/tls_m.c in
-OpenLDAP does not properly parse OpenSSL-style multi-keyword mode
-cipher strings, which might cause a weaker than intended cipher to
-be used and allow remote attackers to have unspecified impact via
-unknown vectors.
-Upstream-Status: Pending
-CVE: CVE-2015-3276
-Signed-off-by: Li Wang <li.wang@windriver.com>
---
- libraries/libldap/tls_m.c |   27 ++++++++++++++++-----------
- 1 file changed, 16 insertions(+), 11 deletions(-)
--- a/libraries/libldap/tls_m.c
-+++ b/libraries/libldap/tls_m.c
-@@ -620,18 +620,23 @@ nss_parse_ciphers(const char *cipherstr,
-                         */
-                        if (mask || strength || protocol) {
-                                for (i=0; i<ciphernum; i++) {
-                                       if (((ciphers_def[i].attr & mask) ||
-                                                (ciphers_def[i].strength & strength) ||
-                                                (ciphers_def[i].version & protocol)) &&
-                                               (cipher_list[i] != -1)) {
-                                               /* Enable the NULL ciphers only if explicity
-                                                * requested */
-                                               if (ciphers_def[i].attr & SSL_eNULL) {
-                                                       if (mask & SSL_eNULL)
-                                                               cipher_list[i] = action;
-                                               } else
-+                                       /* if more than one mask is provided
-+                                        * then AND logic applies (to match openssl)
-+                                        */
-+                                       if ( cipher_list[i] == -1) )
-+                                               continue;
-+                                       if ( mask && ! (ciphers_def[i].attr & mask) )
-+                                               continue;
-+                                       if ( strength && ! (ciphers_def[i].strength & strength) )
-+                                               continue;
-+                                       if ( protocol && ! (ciphers_def[i].version & protocol) )
-+                                               continue;
-+                                       /* Enable the NULL ciphers only if explicity requested */
-+                                       if (ciphers_def[i].attr & SSL_eNULL) {
-+                                               if (mask & SSL_eNULL)
-                                                        cipher_list[i] = action;
-                                       }
-+                                       } else
-+                                               cipher_list[i] = action;
-                                }
-                        } else {
-                                for (i=0; i<ciphernum; i++) {
diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch b/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch
deleted file mode 100644
index 4d1fda96e4..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Pending
--- a/build/openldap.m4
-+++ b/build/openldap.m4
-@@ -651,7 +651,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
- ]])
- 
- AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
-AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
-+[AC_LANG_SOURCE([[OL_PTHREAD_TEST_INCLUDES
- 
- int main(argc, argv)
-        int argc;
-@@ -659,7 +659,7 @@ int main(argc, argv)
- {
- OL_PTHREAD_TEST_FUNCTION
- }
-]))
-+]])])
- dnl --------------------------------------------------------------------
- AC_DEFUN([OL_PTHREAD_TRY], [# Pthread try link: $1 ($2)
- if test "$ol_link_threads" = no ; then
diff --git a/meta-oe/recipes-support/openldap/openldap/thread_stub.patch b/meta-oe/recipes-support/openldap/openldap/thread_stub.patch
deleted file mode 100644
index 540ba4a635..0000000000
--- a/meta-oe/recipes-support/openldap/openldap/thread_stub.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-openldap: set pointer
-When the function ldap_pvt_thread_pool_getkey() succeeds, it
-must set the value of *data since the caller may try to use it.
-Upstream-Status: pending
-Signed-off-by: Joe Slater <jslater@windriver.com>
--- a/libraries/libldap_r/thr_stub.c
-+++ b/libraries/libldap_r/thr_stub.c
-@@ -217,6 +217,7 @@ ldap_pvt_thread_pool_unidle ( ldap_pvt_t
- int ldap_pvt_thread_pool_getkey (
-        void *ctx, void *key, void **data, ldap_pvt_thread_pool_keyfree_t **kfree )
- {
-+       if (data) *data = NULL;  /* avoid problems with uninitialized *data */
-        return(0);
- }
- 
diff --git a/meta-oe/recipes-support/openldap/openldap/use-urandom.patch b/meta-oe/recipes-support/openldap/openldap/use-urandom.patch
index 96a03369a7..6783b5175b 100644
--- a/meta-oe/recipes-support/openldap/openldap/use-urandom.patch
+++ b/meta-oe/recipes-support/openldap/openldap/use-urandom.patch
@@ -8,20 +8,17 @@ Upstream-Status: pending
 Signed-off-by: Joe Slater <jslater@windriver.com>
+--- a/configure.ac
--- a/configure.in
+++ b/configure.ac
-+++ b/configure.in
+@@ -2117,6 +2117,7 @@ AC_SUBST(systemdsystemunitdir)
-@@ -2153,8 +2153,8 @@ fi
 
 dnl ----------------------------------------------------------------
 dnl Check for entropy sources
 +dev=no
 if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then
-       dev=no
+        dev=no
        if test -r /dev/urandom ; then
-                dev="/dev/urandom";
+@@ -2131,9 +2132,11 @@ if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then
-        elif test -r /idev/urandom ; then
-@@ -2167,9 +2167,11 @@ if test $cross_compiling != yes && test
                dev="/idev/random";
        fi
 
@@ -29,7 +26,7 @@ Signed-off-by: Joe Slater <jslater@windriver.com>
 -               AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])
 -       fi
 +elif test $cross_compiling == yes ; then
-+       dev="/dev/urandom";
+       dev="/dev/urandom";
 +fi
 +if test $dev != no ; then
 +       AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])
diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.58.bb b/meta-oe/recipes-support/openldap/openldap_2.5.8.bb
index f9dc58a4c0..07d9fe6cf5 100644
--- a/meta-oe/recipes-support/openldap/openldap_2.4.58.bb
+++ b/meta-oe/recipes-support/openldap/openldap_2.5.8.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "http://www.OpenLDAP.org/license.html"
 # basically BSD.  opensource.org does not record this license
 # at present (so it is apparently not OSI certified).
 LICENSE = "OpenLDAP"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b6dea6c170362fc46381fe3690c722cb \
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=5cc6ef74da4ad25d707c4f5903d64975 \
                    file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972 \
                    "
 SECTION = "libs"
@@ -15,18 +15,15 @@ SECTION = "libs"
 LDAP_VER = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
 SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/${BP}.tgz \
-    file://openldap-m4-pthread.patch \
    file://openldap-2.4.28-gnutls-gcrypt.patch \
    file://use-urandom.patch \
    file://initscript \
    file://slapd.service \
-    file://thread_stub.patch \
-    file://openldap-CVE-2015-3276.patch \
    file://remove-user-host-pwd-from-version.patch \
 "
-SRC_URI[md5sum] = "c203d735ba69976e5b28dc39006f29b5"
+SRC_URI[md5sum] = "86e3ffce4adfc57cbb76ac0ff48b2614"
-SRC_URI[sha256sum] = "57b59254be15d0bf6a9ab3d514c1c05777b02123291533134a87c94468f8f47b"
+SRC_URI[sha256sum] = "366ea1c3b24202de4481978b632128c0cfe4148d4ae13cabf93a1f38c56472dc"
 DEPENDS = "util-linux groff-native"
@@ -35,7 +32,7 @@ DEPENDS = "util-linux groff-native"
 # environments
 SRC_URI += "file://install-strip.patch"
-inherit autotools-brokensep update-rc.d systemd
+inherit autotools-brokensep update-rc.d systemd pkgconfig
 # CV SETTINGS
 # Required to work round AC_FUNC_MEMCMP which gets the wrong answer
@@ -50,8 +47,8 @@ EXTRA_OECONF += "--with-yielding-select=yes"
 # Shared libraries are nice...
 EXTRA_OECONF += "--enable-dynamic"
-PACKAGECONFIG ??= "gnutls modules \
+PACKAGECONFIG ??= "asyncmeta gnutls modules \
-                   mdb ldap meta monitor null passwd shell proxycache dnssrv \
+                   mdb ldap meta null passwd proxycache dnssrv \
                   ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
 #--with-tls              with TLS/SSL support auto|openssl|gnutls [auto]
@@ -72,25 +69,20 @@ EXTRA_OECONF += "--enable-crypt"
 # The backend must be set by the configuration.  This controls the
 # required database.
 #
-# Backends="bdb dnssrv hdb ldap mdb meta monitor ndb null passwd perl relay shell sock sql"
+# Backends="asyncmeta dnssrv ldap mdb meta ndb null passwd perl relay sock sql wt"
 #
 # Note that multiple backends can be built.  The ldbm backend requires a
-# build-time choice of database API.  The bdb backend forces this to be
+# build-time choice of database API. To use the gdbm (or other) API the 
-# DB4.  To use the gdbm (or other) API the Berkely database module must
+# Berkely database module must be removed from the build.
-# be removed from the build.
 md = "${libexecdir}/openldap"
 #
-#--enable-bdb          enable Berkeley DB backend no|yes|mod yes
-# The Berkely DB is the standard choice.  This version of OpenLDAP requires
+#--enable-asyncmeta    enable asyncmeta backend no|yes|mod no
-# the version 4 implementation or better.
+PACKAGECONFIG[asyncmeta] = "--enable-asyncmeta=mod,--enable-asyncmeta=no"
-PACKAGECONFIG[bdb] = "--enable-bdb=yes,--enable-bdb=no,db"
 #--enable-dnssrv       enable dnssrv backend no|yes|mod no
 PACKAGECONFIG[dnssrv] = "--enable-dnssrv=mod,--enable-dnssrv=no"
-#--enable-hdb          enable Hierarchical DB backend no|yes|mod no
-PACKAGECONFIG[hdb] = "--enable-hdb=yes,--enable-hdb=no,db"
 #--enable-ldap         enable ldap backend no|yes|mod no
 PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no,"
@@ -100,9 +92,6 @@ PACKAGECONFIG[mdb] = "--enable-mdb=yes,--enable-mdb=no,"
 #--enable-meta         enable metadirectory backend no|yes|mod no
 PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no,"
-#--enable-monitor      enable monitor backend no|yes|mod yes
-PACKAGECONFIG[monitor] = "--enable-monitor=mod,--enable-monitor=no,"
 #--enable-ndb          enable MySQL NDB Cluster backend no|yes|mod [no]
 PACKAGECONFIG[ndb] = "--enable-ndb=mod,--enable-ndb=no,"
@@ -121,10 +110,6 @@ PACKAGECONFIG[perl] = "--enable-perl=mod,--enable-perl=no,perl"
 #--enable-relay        enable relay backend no|yes|mod [yes]
 PACKAGECONFIG[relay] = "--enable-relay=mod,--enable-relay=no,"
-#--enable-shell        enable shell backend no|yes|mod no
-# configure: WARNING: Use of --without-threads is recommended with back-shell
-PACKAGECONFIG[shell] = "--enable-shell=mod --without-threads,--enable-shell=no,"
 #--enable-sock         enable sock backend no|yes|mod [no]
 PACKAGECONFIG[sock] = "--enable-sock=mod,--enable-sock=no,"
@@ -133,6 +118,10 @@ PACKAGECONFIG[sock] = "--enable-sock=mod,--enable-sock=no,"
 # sqlite.h (which may be compatible but hasn't been tried.)
 PACKAGECONFIG[sql] = "--enable-sql=mod,--enable-sql=no,sqlite3"
+#--enable-wt           enable wt backend no|yes|mod no
+# back-wt is marked currently as experimental
+PACKAGECONFIG[wt] = "--enable-wt=mod,--enable-wt=no"
 #--enable-dyngroup     Dynamic Group overlay no|yes|mod no
 #  This is a demo, Proxy Cache defines init_module which conflicts with the
 #  same symbol in dyngroup
@@ -176,7 +165,7 @@ FILES:${PN}-slapd = "${sysconfdir}/init.d ${libexecdir}/slapd ${sbindir} ${local
    ${sysconfdir}/openldap/DB_CONFIG.example ${systemd_unitdir}/system/*"
 FILES:${PN}-slurpd = "${libexecdir}/slurpd ${localstatedir}/openldap-slurp"
 FILES:${PN}-bin = "${bindir}"
-FILES:${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la ${libexecdir}/openldap/*.so"
+FILES:${PN}-dev = "${includedir} ${libdir}/lib*.so ${libdir}/*.la ${libexecdir}/openldap/*.a ${libexecdir}/openldap/*.la ${libexecdir}/openldap/*.so ${libdir}/pkgconfig/*.pc"
 FILES:${PN}-dbg += "${libexecdir}/openldap/.debug"
 do_install:append() {
@@ -210,8 +199,6 @@ do_install:append() {
        -i ${D}${sysconfdir}/openldap/slapd.conf
    mkdir -p ${D}${localstatedir}/${BPN}/data
 }
 INITSCRIPT_PACKAGES = "${PN}-slapd"
@@ -220,19 +207,16 @@ INITSCRIPT_PARAMS:${PN}-slapd = "defaults"
 SYSTEMD_SERVICE:${PN}-slapd = "hostapd.service"
 SYSTEMD_AUTO_ENABLE:${PN}-slapd ?= "disable"
 PACKAGES_DYNAMIC += "^${PN}-backends.* ^${PN}-backend-.*"
 # The modules require their .so to be dynamicaly loaded
-INSANE_SKIP:${PN}-backend-dnssrv  += "dev-so"
+INSANE_SKIP:${PN}-backend-asyncmeta  += "dev-so"
-INSANE_SKIP:${PN}-backend-ldap    += "dev-so"
+INSANE_SKIP:${PN}-backend-dnssrv     += "dev-so"
-INSANE_SKIP:${PN}-backend-meta    += "dev-so"
+INSANE_SKIP:${PN}-backend-ldap       += "dev-so"
-INSANE_SKIP:${PN}-backend-mdb     += "dev-so"
+INSANE_SKIP:${PN}-backend-meta       += "dev-so"
-INSANE_SKIP:${PN}-backend-monitor += "dev-so"
+INSANE_SKIP:${PN}-backend-mdb        += "dev-so"
-INSANE_SKIP:${PN}-backend-null    += "dev-so"
+INSANE_SKIP:${PN}-backend-null       += "dev-so"
-INSANE_SKIP:${PN}-backend-passwd  += "dev-so"
+INSANE_SKIP:${PN}-backend-passwd     += "dev-so"
-INSANE_SKIP:${PN}-backend-shell   += "dev-so"
 python populate_packages:prepend () {
    backend_dir    = d.expand('${libexecdir}/openldap')

diff --git a/meta-oe/recipes-support/openldap/openldap/install-strip.patch b/meta-oe/recipes-support/openldap/openldap/install-strip.patch index b59db3939e..b757aabb00 100644 --- a/meta-oe/recipes-support/openldap/openldap/install-strip.patch +++ b/meta-oe/recipes-support/openldap/openldap/install-strip.patch
@@ -6,7 +6,7 @@ Upstream-Status: Pending
6		6
7	--- a/build/top.mk	7	--- a/build/top.mk
8	+++ b/build/top.mk	8	+++ b/build/top.mk
9	@@ -121,7 +121,7 @@ LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD)	9	@@ -125,7 +125,7 @@ LTCOMPILE_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
10	LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \	10	LTLINK_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=link \
11	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)	11	$(CC) $(LT_CFLAGS) $(LDFLAGS) $(LTFLAGS_MOD)
12		12


diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch b/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch index 91bcc0435e..f551861a3e 100644 --- a/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch +++ b/meta-oe/recipes-support/openldap/openldap/openldap-2.4.28-gnutls-gcrypt.patch
@@ -2,13 +2,11 @@ From http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-nds/openldap/fi
2		2
3	Upstream-status: Pending	3	Upstream-status: Pending
4		4
5	--	5	--- a/configure.ac
6		6	+++ b/configure.ac
7	--- a/configure.in	7	@@ -1263,7 +1263,7 @@ if test $ol_link_tls = no ; then
8	+++ b/configure.in
9	@@ -1227,7 +1227,7 @@ if test $ol_link_tls = no ; then
10	ol_with_tls=gnutls
11	ol_link_tls=yes	8	ol_link_tls=yes
		9	WITH_TLS_TYPE=gnutls
12		10
13	- TLS_LIBS="-lgnutls"	11	- TLS_LIBS="-lgnutls"
14	+ TLS_LIBS="-lgnutls -lgcrypt"	12	+ TLS_LIBS="-lgnutls -lgcrypt"


diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch b/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch deleted file mode 100644 index ab5c4de66a..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/openldap-CVE-2015-3276.patch +++ /dev/null
@@ -1,58 +0,0 @@
1	openldap CVE-2015-3276
2
3	the patch comes from:
4	https://bugzilla.redhat.com/show_bug.cgi?id=1238322
5	https://bugzilla.redhat.com/attachment.cgi?id=1055640
6
7	The nss_parse_ciphers function in libraries/libldap/tls_m.c in
8	OpenLDAP does not properly parse OpenSSL-style multi-keyword mode
9	cipher strings, which might cause a weaker than intended cipher to
10	be used and allow remote attackers to have unspecified impact via
11	unknown vectors.
12
13	Upstream-Status: Pending
14
15	CVE: CVE-2015-3276
16
17	Signed-off-by: Li Wang <li.wang@windriver.com>
18	---
19	libraries/libldap/tls_m.c \| 27 ++++++++++++++++-----------
20	1 file changed, 16 insertions(+), 11 deletions(-)
21
22	--- a/libraries/libldap/tls_m.c
23	+++ b/libraries/libldap/tls_m.c
24	@@ -620,18 +620,23 @@ nss_parse_ciphers(const char *cipherstr,
25	*/
26	if (mask \|\| strength \|\| protocol) {
27	for (i=0; i<ciphernum; i++) {
28	- if (((ciphers_def[i].attr & mask) \|\|
29	- (ciphers_def[i].strength & strength) \|\|
30	- (ciphers_def[i].version & protocol)) &&
31	- (cipher_list[i] != -1)) {
32	- /* Enable the NULL ciphers only if explicity
33	- * requested */
34	- if (ciphers_def[i].attr & SSL_eNULL) {
35	- if (mask & SSL_eNULL)
36	- cipher_list[i] = action;
37	- } else
38	+ /* if more than one mask is provided
39	+ * then AND logic applies (to match openssl)
40	+ */
41	+ if ( cipher_list[i] == -1) )
42	+ continue;
43	+ if ( mask && ! (ciphers_def[i].attr & mask) )
44	+ continue;
45	+ if ( strength && ! (ciphers_def[i].strength & strength) )
46	+ continue;
47	+ if ( protocol && ! (ciphers_def[i].version & protocol) )
48	+ continue;
49	+ /* Enable the NULL ciphers only if explicity requested */
50	+ if (ciphers_def[i].attr & SSL_eNULL) {
51	+ if (mask & SSL_eNULL)
52	cipher_list[i] = action;
53	- }
54	+ } else
55	+ cipher_list[i] = action;
56	}
57	} else {
58	for (i=0; i<ciphernum; i++) {


diff --git a/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch b/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch deleted file mode 100644 index 4d1fda96e4..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/openldap-m4-pthread.patch +++ /dev/null
@@ -1,22 +0,0 @@
1	Upstream-Status: Pending
2
3	--- a/build/openldap.m4
4	+++ b/build/openldap.m4
5	@@ -651,7 +651,7 @@ AC_DEFUN([OL_PTHREAD_TEST_FUNCTION],[[
6	]])
7
8	AC_DEFUN([OL_PTHREAD_TEST_PROGRAM],
9	-AC_LANG_SOURCE([OL_PTHREAD_TEST_INCLUDES
10	+[AC_LANG_SOURCE([[OL_PTHREAD_TEST_INCLUDES
11
12	int main(argc, argv)
13	int argc;
14	@@ -659,7 +659,7 @@ int main(argc, argv)
15	{
16	OL_PTHREAD_TEST_FUNCTION
17	}
18	-]))
19	+]])])
20	dnl --------------------------------------------------------------------
21	AC_DEFUN([OL_PTHREAD_TRY], [# Pthread try link: $1 ($2)
22	if test "$ol_link_threads" = no ; then


diff --git a/meta-oe/recipes-support/openldap/openldap/thread_stub.patch b/meta-oe/recipes-support/openldap/openldap/thread_stub.patch deleted file mode 100644 index 540ba4a635..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/thread_stub.patch +++ /dev/null
@@ -1,20 +0,0 @@
1	openldap: set pointer
2
3	When the function ldap_pvt_thread_pool_getkey() succeeds, it
4	must set the value of *data since the caller may try to use it.
5
6	Upstream-Status: pending
7
8	Signed-off-by: Joe Slater <jslater@windriver.com>
9
10
11	--- a/libraries/libldap_r/thr_stub.c
12	+++ b/libraries/libldap_r/thr_stub.c
13	@@ -217,6 +217,7 @@ ldap_pvt_thread_pool_unidle ( ldap_pvt_t
14	int ldap_pvt_thread_pool_getkey (
15	void ctx, void key, void data, ldap_pvt_thread_pool_keyfree_t kfree )
16	{
17	+ if (data) data = NULL; / avoid problems with uninitialized data /
18	return(0);
19	}
20


diff --git a/meta-oe/recipes-support/openldap/openldap/use-urandom.patch b/meta-oe/recipes-support/openldap/openldap/use-urandom.patch index 96a03369a7..6783b5175b 100644 --- a/meta-oe/recipes-support/openldap/openldap/use-urandom.patch +++ b/meta-oe/recipes-support/openldap/openldap/use-urandom.patch
@@ -8,20 +8,17 @@ Upstream-Status: pending
8		8
9	Signed-off-by: Joe Slater <jslater@windriver.com>	9	Signed-off-by: Joe Slater <jslater@windriver.com>
10		10
11		11	--- a/configure.ac
12	--- a/configure.in	12	+++ b/configure.ac
13	+++ b/configure.in	13	@@ -2117,6 +2117,7 @@ AC_SUBST(systemdsystemunitdir)
14	@@ -2153,8 +2153,8 @@ fi
15		14
16	dnl ----------------------------------------------------------------	15	dnl ----------------------------------------------------------------
17	dnl Check for entropy sources	16	dnl Check for entropy sources
18	+dev=no	17	+dev=no
19	if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then	18	if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then
20	- dev=no	19	dev=no
21	if test -r /dev/urandom ; then	20	if test -r /dev/urandom ; then
22	dev="/dev/urandom";	21	@@ -2131,9 +2132,11 @@ if test $cross_compiling != yes && test "$ac_cv_mingw32" != yes ; then
23	elif test -r /idev/urandom ; then
24	@@ -2167,9 +2167,11 @@ if test $cross_compiling != yes && test
25	dev="/idev/random";	22	dev="/idev/random";
26	fi	23	fi
27		24
@@ -29,7 +26,7 @@ Signed-off-by: Joe Slater <jslater@windriver.com>
29	- AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])	26	- AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])
30	- fi	27	- fi
31	+elif test $cross_compiling == yes ; then	28	+elif test $cross_compiling == yes ; then
32	+ dev="/dev/urandom";	29	+ dev="/dev/urandom";
33	+fi	30	+fi
34	+if test $dev != no ; then	31	+if test $dev != no ; then
35	+ AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])	32	+ AC_DEFINE_UNQUOTED(URANDOM_DEVICE,"$dev",[set to urandom device])


diff --git a/meta-oe/recipes-support/openldap/openldap_2.4.58.bb b/meta-oe/recipes-support/openldap/openldap_2.5.8.bb index f9dc58a4c0..07d9fe6cf5 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.4.58.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.5.8.bb
@@ -7,7 +7,7 @@ HOMEPAGE = "http://www.OpenLDAP.org/license.html"
7	# basically BSD. opensource.org does not record this license	7	# basically BSD. opensource.org does not record this license
8	# at present (so it is apparently not OSI certified).	8	# at present (so it is apparently not OSI certified).
9	LICENSE = "OpenLDAP"	9	LICENSE = "OpenLDAP"
10	LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b6dea6c170362fc46381fe3690c722cb \	10	LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=5cc6ef74da4ad25d707c4f5903d64975 \
11	file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972 \	11	file://LICENSE;md5=153d07ef052c4a37a8fac23bc6031972 \
12	"	12	"
13	SECTION = "libs"	13	SECTION = "libs"
@@ -15,18 +15,15 @@ SECTION = "libs"
15	LDAP_VER = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"	15	LDAP_VER = "${@'.'.join(d.getVar('PV').split('.')[0:2])}"
16		16
17	SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/${BP}.tgz \	17	SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/${BP}.tgz \
18	file://openldap-m4-pthread.patch \
19	file://openldap-2.4.28-gnutls-gcrypt.patch \	18	file://openldap-2.4.28-gnutls-gcrypt.patch \
20	file://use-urandom.patch \	19	file://use-urandom.patch \
21	file://initscript \	20	file://initscript \
22	file://slapd.service \	21	file://slapd.service \
23	file://thread_stub.patch \
24	file://openldap-CVE-2015-3276.patch \
25	file://remove-user-host-pwd-from-version.patch \	22	file://remove-user-host-pwd-from-version.patch \
26	"	23	"
27		24
28	SRC_URI[md5sum] = "c203d735ba69976e5b28dc39006f29b5"	25	SRC_URI[md5sum] = "86e3ffce4adfc57cbb76ac0ff48b2614"
29	SRC_URI[sha256sum] = "57b59254be15d0bf6a9ab3d514c1c05777b02123291533134a87c94468f8f47b"	26	SRC_URI[sha256sum] = "366ea1c3b24202de4481978b632128c0cfe4148d4ae13cabf93a1f38c56472dc"
30		27
31	DEPENDS = "util-linux groff-native"	28	DEPENDS = "util-linux groff-native"
32		29
@@ -35,7 +32,7 @@ DEPENDS = "util-linux groff-native"
35	# environments	32	# environments
36	SRC_URI += "file://install-strip.patch"	33	SRC_URI += "file://install-strip.patch"
37		34
38	inherit autotools-brokensep update-rc.d systemd	35	inherit autotools-brokensep update-rc.d systemd pkgconfig
39		36
40	# CV SETTINGS	37	# CV SETTINGS
41	# Required to work round AC_FUNC_MEMCMP which gets the wrong answer	38	# Required to work round AC_FUNC_MEMCMP which gets the wrong answer
@@ -50,8 +47,8 @@ EXTRA_OECONF += "--with-yielding-select=yes"
50	# Shared libraries are nice...	47	# Shared libraries are nice...
51	EXTRA_OECONF += "--enable-dynamic"	48	EXTRA_OECONF += "--enable-dynamic"
52		49
53	PACKAGECONFIG ??= "gnutls modules \	50	PACKAGECONFIG ??= "asyncmeta gnutls modules \
54	mdb ldap meta monitor null passwd shell proxycache dnssrv \	51	mdb ldap meta null passwd proxycache dnssrv \
55	${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \	52	${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
56	"	53	"
57	#--with-tls with TLS/SSL support auto\|openssl\|gnutls [auto]	54	#--with-tls with TLS/SSL support auto\|openssl\|gnutls [auto]
@@ -72,25 +69,20 @@ EXTRA_OECONF += "--enable-crypt"
72	# The backend must be set by the configuration. This controls the	69	# The backend must be set by the configuration. This controls the
73	# required database.	70	# required database.
74	#	71	#
75	# Backends="bdb dnssrv hdb ldap mdb meta monitor ndb null passwd perl relay shell sock sql"	72	# Backends="asyncmeta dnssrv ldap mdb meta ndb null passwd perl relay sock sql wt"
76	#	73	#
77	# Note that multiple backends can be built. The ldbm backend requires a	74	# Note that multiple backends can be built. The ldbm backend requires a
78	# build-time choice of database API. The bdb backend forces this to be	75	# build-time choice of database API. To use the gdbm (or other) API the
79	# DB4. To use the gdbm (or other) API the Berkely database module must	76	# Berkely database module must be removed from the build.
80	# be removed from the build.
81	md = "${libexecdir}/openldap"	77	md = "${libexecdir}/openldap"
82	#	78	#
83	#--enable-bdb enable Berkeley DB backend no\|yes\|mod yes	79
84	# The Berkely DB is the standard choice. This version of OpenLDAP requires	80	#--enable-asyncmeta enable asyncmeta backend no\|yes\|mod no
85	# the version 4 implementation or better.	81	PACKAGECONFIG[asyncmeta] = "--enable-asyncmeta=mod,--enable-asyncmeta=no"
86	PACKAGECONFIG[bdb] = "--enable-bdb=yes,--enable-bdb=no,db"
87		82
88	#--enable-dnssrv enable dnssrv backend no\|yes\|mod no	83	#--enable-dnssrv enable dnssrv backend no\|yes\|mod no
89	PACKAGECONFIG[dnssrv] = "--enable-dnssrv=mod,--enable-dnssrv=no"	84	PACKAGECONFIG[dnssrv] = "--enable-dnssrv=mod,--enable-dnssrv=no"
90		85
91	#--enable-hdb enable Hierarchical DB backend no\|yes\|mod no
92	PACKAGECONFIG[hdb] = "--enable-hdb=yes,--enable-hdb=no,db"
93
94	#--enable-ldap enable ldap backend no\|yes\|mod no	86	#--enable-ldap enable ldap backend no\|yes\|mod no
95	PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no,"	87	PACKAGECONFIG[ldap] = "--enable-ldap=mod,--enable-ldap=no,"
96		88
@@ -100,9 +92,6 @@ PACKAGECONFIG[mdb] = "--enable-mdb=yes,--enable-mdb=no,"
100	#--enable-meta enable metadirectory backend no\|yes\|mod no	92	#--enable-meta enable metadirectory backend no\|yes\|mod no
101	PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no,"	93	PACKAGECONFIG[meta] = "--enable-meta=mod,--enable-meta=no,"
102		94
103	#--enable-monitor enable monitor backend no\|yes\|mod yes
104	PACKAGECONFIG[monitor] = "--enable-monitor=mod,--enable-monitor=no,"
105
106	#--enable-ndb enable MySQL NDB Cluster backend no\|yes\|mod [no]	95	#--enable-ndb enable MySQL NDB Cluster backend no\|yes\|mod [no]
107	PACKAGECONFIG[ndb] = "--enable-ndb=mod,--enable-ndb=no,"	96	PACKAGECONFIG[ndb] = "--enable-ndb=mod,--enable-ndb=no,"
108		97
@@ -121,10 +110,6 @@ PACKAGECONFIG[perl] = "--enable-perl=mod,--enable-perl=no,perl"
121	#--enable-relay enable relay backend no\|yes\|mod [yes]	110	#--enable-relay enable relay backend no\|yes\|mod [yes]
122	PACKAGECONFIG[relay] = "--enable-relay=mod,--enable-relay=no,"	111	PACKAGECONFIG[relay] = "--enable-relay=mod,--enable-relay=no,"
123		112
124	#--enable-shell enable shell backend no\|yes\|mod no
125	# configure: WARNING: Use of --without-threads is recommended with back-shell
126	PACKAGECONFIG[shell] = "--enable-shell=mod --without-threads,--enable-shell=no,"
127
128	#--enable-sock enable sock backend no\|yes\|mod [no]	113	#--enable-sock enable sock backend no\|yes\|mod [no]
129	PACKAGECONFIG[sock] = "--enable-sock=mod,--enable-sock=no,"	114	PACKAGECONFIG[sock] = "--enable-sock=mod,--enable-sock=no,"
130		115
@@ -133,6 +118,10 @@ PACKAGECONFIG[sock] = "--enable-sock=mod,--enable-sock=no,"
133	# sqlite.h (which may be compatible but hasn't been tried.)	118	# sqlite.h (which may be compatible but hasn't been tried.)
134	PACKAGECONFIG[sql] = "--enable-sql=mod,--enable-sql=no,sqlite3"	119	PACKAGECONFIG[sql] = "--enable-sql=mod,--enable-sql=no,sqlite3"
135		120
		121	#--enable-wt enable wt backend no\|yes\|mod no
		122	# back-wt is marked currently as experimental
		123	PACKAGECONFIG[wt] = "--enable-wt=mod,--enable-wt=no"
		124
136	#--enable-dyngroup Dynamic Group overlay no\|yes\|mod no	125	#--enable-dyngroup Dynamic Group overlay no\|yes\|mod no
137	# This is a demo, Proxy Cache defines init_module which conflicts with the	126	# This is a demo, Proxy Cache defines init_module which conflicts with the
138	# same symbol in dyngroup	127	# same symbol in dyngroup
@@ -176,7 +165,7 @@ FILES:${PN}-slapd = "${sysconfdir}/init.d ${libexecdir}/slapd ${sbindir} ${local
176	${sysconfdir}/openldap/DB_CONFIG.example ${systemd_unitdir}/system/*"	165	${sysconfdir}/openldap/DB_CONFIG.example ${systemd_unitdir}/system/*"
177	FILES:${PN}-slurpd = "${libexecdir}/slurpd ${localstatedir}/openldap-slurp"	166	FILES:${PN}-slurpd = "${libexecdir}/slurpd ${localstatedir}/openldap-slurp"
178	FILES:${PN}-bin = "${bindir}"	167	FILES:${PN}-bin = "${bindir}"
179	FILES:${PN}-dev = "${includedir} ${libdir}/lib.so ${libdir}/.la ${libexecdir}/openldap/.a ${libexecdir}/openldap/.la ${libexecdir}/openldap/*.so"	168	FILES:${PN}-dev = "${includedir} ${libdir}/lib.so ${libdir}/.la ${libexecdir}/openldap/.a ${libexecdir}/openldap/.la ${libexecdir}/openldap/.so ${libdir}/pkgconfig/.pc"
180	FILES:${PN}-dbg += "${libexecdir}/openldap/.debug"	169	FILES:${PN}-dbg += "${libexecdir}/openldap/.debug"
181		170
182	do_install:append() {	171	do_install:append() {
@@ -210,8 +199,6 @@ do_install:append() {
210	-i ${D}${sysconfdir}/openldap/slapd.conf	199	-i ${D}${sysconfdir}/openldap/slapd.conf
211		200
212	mkdir -p ${D}${localstatedir}/${BPN}/data	201	mkdir -p ${D}${localstatedir}/${BPN}/data
213
214
215	}	202	}
216		203
217	INITSCRIPT_PACKAGES = "${PN}-slapd"	204	INITSCRIPT_PACKAGES = "${PN}-slapd"
@@ -220,19 +207,16 @@ INITSCRIPT_PARAMS:${PN}-slapd = "defaults"
220	SYSTEMD_SERVICE:${PN}-slapd = "hostapd.service"	207	SYSTEMD_SERVICE:${PN}-slapd = "hostapd.service"
221	SYSTEMD_AUTO_ENABLE:${PN}-slapd ?= "disable"	208	SYSTEMD_AUTO_ENABLE:${PN}-slapd ?= "disable"
222		209
223
224	PACKAGES_DYNAMIC += "^${PN}-backends.* ^${PN}-backend-.*"	210	PACKAGES_DYNAMIC += "^${PN}-backends.* ^${PN}-backend-.*"
225		211
226	# The modules require their .so to be dynamicaly loaded	212	# The modules require their .so to be dynamicaly loaded
227	INSANE_SKIP:${PN}-backend-dnssrv += "dev-so"	213	INSANE_SKIP:${PN}-backend-asyncmeta += "dev-so"
228	INSANE_SKIP:${PN}-backend-ldap += "dev-so"	214	INSANE_SKIP:${PN}-backend-dnssrv += "dev-so"
229	INSANE_SKIP:${PN}-backend-meta += "dev-so"	215	INSANE_SKIP:${PN}-backend-ldap += "dev-so"
230	INSANE_SKIP:${PN}-backend-mdb += "dev-so"	216	INSANE_SKIP:${PN}-backend-meta += "dev-so"
231	INSANE_SKIP:${PN}-backend-monitor += "dev-so"	217	INSANE_SKIP:${PN}-backend-mdb += "dev-so"
232	INSANE_SKIP:${PN}-backend-null += "dev-so"	218	INSANE_SKIP:${PN}-backend-null += "dev-so"
233	INSANE_SKIP:${PN}-backend-passwd += "dev-so"	219	INSANE_SKIP:${PN}-backend-passwd += "dev-so"
234	INSANE_SKIP:${PN}-backend-shell += "dev-so"
235
236		220
237	python populate_packages:prepend () {	221	python populate_packages:prepend () {
238	backend_dir = d.expand('${libexecdir}/openldap')	222	backend_dir = d.expand('${libexecdir}/openldap')